[NTOSKRNL]

- Move to the next entry in the thread IRP list before calling IoCancelIrp because if everything works as expected and IoCompleteRequest is called, we could end up with the IRP ripped out from under us before can move to the next element
- See issue #5550 for details.

svn path=/trunk/; revision=48546

diff --git a/reactos/ntoskrnl/io/iomgr/irp.c b/reactos/ntoskrnl/io/iomgr/irp.c
index a578e89..bd0eb88 100644 (file)
--- a/reactos/ntoskrnl/io/iomgr/irp.c
+++ b/reactos/ntoskrnl/io/iomgr/irp.c
@@ -1047,14 +1047,12 @@ IoCancelThreadIo(IN PETHREAD Thread)
     NextEntry = ListHead->Flink;
     while (ListHead != NextEntry)
     {
-        /* Get the IRP */
+        /* Get the IRP and move to the next entry */
         Irp = CONTAINING_RECORD(NextEntry, IRP, ThreadListEntry);
+        NextEntry = NextEntry->Flink;
 
         /* Cancel it */
         IoCancelIrp(Irp);
-
-        /* Move to the next entry */
-        NextEntry = NextEntry->Flink;
     }
 
      /* Wait 100 milliseconds */